0

I received an email from someone I know and relating to a club we both belong to so I'm confident it is not harmful, but in my limited knowledge of email headers I can't tell why I received it as it was addressed to an email address at a totally different domain.

Although it has the header To: <[email protected]> it also has the header Delivered-To: [email protected] and I can't see any other header that might explain what happened.

Can anyone that understands email headers better than myself explain why this happened? The full headers are included below with the addressee's address anonymized as [email protected], the sender's address anonymized as [email protected] and my address anonymized as [email protected]

Delivered-To: [email protected]
Received: by 2002:a17:906:abd4:0:0:0:0 with SMTP id kq20csp1522444ejb;
        Fri, 9 Apr 2021 05:35:43 -0700 (PDT)
X-Received: by 2002:a05:6402:c1:: with SMTP id i1mr17154183edu.315.1617971743566;
        Fri, 09 Apr 2021 05:35:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617971743; cv=none;
        d=google.com; s=arc-20160816;
        b=FVqs1EahnvRbvt8FFZFCIaBPua/RxcD92oDKxkHvqL3qOqIGnXIlbcoS87paleT0/8
         T1v5krVU+YFsvY4mnI7YbYc4yvESCB8vNbr0XkWBnYg7GY/M+J02O/AcZWLoco0jaGhs
         mzassYUpBj/EQfhnRKk1ozVO05QraQ87QeoR3IAopyj5+10a8u/VkYPuPUjMIub/Hn2G
         Fq7x616k0cnh/nx51ADn/xzFKYJZrw4BN+7PCL3tXSb75syoBsjUEQjvAnenySutWSz7
         rAoaMHZvdZxRCnrdNntVpCqe9REPjH8QpvivhpEwI6gnh6AHWUU/Dv6kYLTjx5aPNQfM
         0gPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-language:thread-index:mime-version:message-id:date:subject
         :to:from:dkim-signature;
        bh=pdk79xbDyHvYq5L6e08DBSeYp6uMJLfGyugTatCUinQ=;
        b=W636jT76Jenx0BNTx1cySmTP3W5fKAvN2lD2cD7yk1ZZsEsN3KV02HUZdzsPksS5Nb
         XUvazAmCZn9gsVeVNB4N5EJiRsrE8fkS6ODUJT2ymxmqWtujvRiGgS3OE5o08YYpWDTw
         re6DqyblICp8WgGoeqoCdvsNqNGNoOtG+6igvVM8MDVjBCkL2BcHxGbS/xvNmYHVHlJq
         XfwpZ6poKcU/rJeYbaxEwW9gupDyl/ruVBIXSGYVXFv4KlSQ/J0JbW7P+ptBmzxwtg0Y
         7yoko/mcPRiwuRv5wO435vCsTqI9+IP4g5+Rot7vZn7cw9hsk+/ifFeBP+lrp86RAJI4
         ZYGw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=20161025 header.b=e72Bz8nw;
       spf=pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <[email protected]>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
        by mx.google.com with SMTPS id kd13sor1298229ejc.56.2021.04.09.05.35.43
        for <[email protected]>
        (Google Transport Security);
        Fri, 09 Apr 2021 05:35:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=20161025 header.b=e72Bz8nw;
       spf=pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:subject:date:message-id:mime-version:thread-index
         :content-language;
        bh=pdk79xbDyHvYq5L6e08DBSeYp6uMJLfGyugTatCUinQ=;
        b=e72Bz8nwG1S4yYOc625u0Mq8j+ATEJTHxgKwtqOjp8xjtGrlOgxBHVpt0MfCj78/6u
         U5y7Fb0sWfd9lzgtRYHDBeASiZnLU8Vc8jUyE85Fv6kebxIVN3bJuZTSUEqIf4367znG
         lDbPqeXOoeChCBylZfr7XudBhB5DLPm17DCIOhCJFFrJD9ZMjfnFhnGFc4oAds/U9cvG
         BVOC4gLCfYxG6Gsjkfx0dCIgnxtoG2N9hQaZZPB9lgGTeSCHnkH3D0LI7sYQNEPvRhCU
         +R7Cf+Cwa5MDZukuLXAq04x6CMG3/ASB/ihtb3/Kj0LgrKRMulc5CDwirLQZbbvr1LiG
         AgZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :thread-index:content-language;
        bh=pdk79xbDyHvYq5L6e08DBSeYp6uMJLfGyugTatCUinQ=;
        b=YwEA1rMs2NbGjr17edNHiCTRB5XdqSg7x3xFZSZaZK3jsw87hC7lzRpwtjhr+cq3gJ
         8M45k9tAmkr4yIkwOOeFxhZvyXKWTYaXB4/Ux7S0e7vBhUYcd6VlRGQ1o4lzmDWBJqqD
         ceRz+EhYmXg3yWyA261tNKV2xUdLb0FVojmYksvYOqXz9F3JJ90PJJL07VoYlBn5tMv3
         3DSWN7W+BrtfgUU0LhwY1Y+GNzCiPBAdIlLnvufYr05mZD+njHpvAcDyIzuf4W0zWXZU
         286jOb7aSIQt2MaCIguOWJaji2Qd2cl19LHiHPehwT7RoDOdMRnKZEMICM9PdLZ9B213
         MEiQ==
X-Gm-Message-State: AOAM530YVoAxC68mmNqDwp+8TpqImZEdwfkvE79L7PLyRawJHrolB35y 3wDV1AT1Pf99ST72QRufacU=
X-Google-Smtp-Source: ABdhPJxnWDb6KHNboUpTbvJb+J1EX/Afmew0nSXvxB6cyjV7H6eHvi8pLu1NcafdqLd1XBN4PUXBZA==
X-Received: by 2002:a17:906:1c05:: with SMTP id k5mr15682006ejg.456.1617971743359;
        Fri, 09 Apr 2021 05:35:43 -0700 (PDT)
Return-Path: <[email protected]>
Received: from DESKTOP7K26SNF (102-65-13-79.ftth.web.africa. [102.65.13.79])
        by smtp.gmail.com with ESMTPSA id ml13sm723340ejb.7.2021.04.09.05.35.41
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 09 Apr 2021 05:35:42 -0700 (PDT)
From: <[email protected]>
To: <[email protected]>
Subject: Photographic Club
Date: Fri, 9 Apr 2021 14:35:40 +0200
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0399_01D72D4D.9EAD7AE0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdctO/QbXbAiuYUgRcSHQ5sy4Vd0DA==
Content-Language: en-za
X-Antivirus: Avast (VPS 210408-4, 04/08/2021), Outbound message
X-Antivirus-Status: Clean
Improve this question
6
  • 1
    Are you aware that the "To" field is just text? The actual recipient is transmitted on SMTP level. May be the original recipient that you know has bounced this e-mail to you (redirect without any changes in the mail).
    – Robert
    Commented Apr 9, 2021 at 13:44
  • I was not, hence my asking. I was under the impression that the headers include the full story from sending to delivery. But I don't think this was a bounce; from the text of the message it was the sender giving someone interested in our club info about our next meeting. So I'm pretty sure she was the originator.
    – Steve Crane
    Commented Apr 9, 2021 at 13:55
  • 3
    Headers can be spoofed, so cannot be counted upon. On another note, your friend cannot be trusted if his computer is infected and it's the virus that's emailing you and reusing some of his existing emails to make it look normal. If any file is attached to the message, I suggest not opening it unless you're sure that it was sent by the right person.
    – harrymc
    Commented Apr 9, 2021 at 13:59
  • 2
    Headers would never contain anything about BCC recipients. Just ask the sender.
    – Daniel B
    Commented Apr 9, 2021 at 14:07
  • No attachments, just text. I'm not worried.
    – Steve Crane
    Commented Apr 9, 2021 at 17:46

1 Answer 1

Reset to default
1

Delivered-To Email Header Field seems to be a special Email Header Field.

Like this article mentioned, The address to which email is delivered might be different than any of the addresses shown in any of the content header fields that were created by the author. The address used by the mail transport service is provided separately, through an envelope SMTP "RCPT TO" command. Before final delivery, handling can entail a sequence of addresses that lead to the recipient. It can be helpful for a message to have a common way to record each delivery in such a sequence, and to include each address used for that recipient.

Similar issues as a supplement: How can the to: and delivered-to: fields in an email i received be different?

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .